The time of ransomware at the top of the malware food chain is over. Statistics from Kaspersky show that there was a massive increase in incidents of ransomware infection in 2016. As per their findings: “The total number of users who encountered ransomware fell by almost 30%, from 2,581,026 in 2016-2017 to 1,811,937 in 2017-2018. The number of users attacked with cryptors almost halved, from 1,152,299 in 2016-2017 to 751,606 in 2017-2018. The number of users attacked with mobile ransomware fell by 22.5% from 130,232 in 2016-2017 to 100,868 in 2017-2018.” The statistics show that the decline in ransomware is not limited to the PC but extends across the board, including mobile platforms.
The shrinking number of infections does not mean that the world of computing has won. Nor does it mean that cybercriminals have realized the error of their ways and are reforming for the good. The number of incidents slumped because cybercriminals have found a newer and better way to profit from their malware than what they can earn from ransomware. Kaspersky's full report on their findings is published with complete details of the decline of ransomware and the rise of a newer threat. Their new baby has less damaging initial and long-term effects on the computer. Called cryptocurrency mining malware, it is the “rising star” when it comes to profitability for the virus authors.
Unlike ransomware, which is very destructive to data if the victim refuses to pay the ransom demanded by its authors, crypto mining malware is not designed to cause data loss for its victims. With the rising popularity of cryptocurrencies such as Bitcoin and its various derivatives, a new platform has emerged for cybercriminals to earn money.
Once introduced into the system, this new virus does not interfere with the regular workings of the operating system. The operating system will work as expected, user applications will continue executing normally, and user data remains intact and unharmed. The main purpose of cryptocurrency mining malware is to mine Bitcoin or any of its derivatives using the CPU and GPU cycles of the computer it infects.
That means that, for all intents and purposes, the malware is not designed to destroy data or corrupt the user's OS and programs. It just runs in the background, stealthily mining for cryptocurrency without the user realizing it. All successfully mined currency is then sent back to the virus authors’ crypto wallet, rinse and repeat.
At first glance, this is good news for the community, as the harm caused by ransomware was very impactful for its victims. The healthcare industry was the prime target of ransomware. Organizations were forced to pay the ransom just to restore vital patient data. One such example was the US-based Hancock Health hospital, which paid the virus authors a sum amounting to $55,000 in order to recover the encrypted data.
A Kaspersky Lab researcher emphasized: “Crafty cryptominers have moved up to take ransomware’s place, invading users’ and businesses’ computers and devices and taking advantage of their power to put cryptocurrency in the pockets of thieves. Whereas ransomware enters with a flourish and freaks out its victims, cryptominers strive to remain hidden — the longer they toil, the greater the perpetrators’ profit — and as a result, victims may not notice them for a time.”
The findings of Kaspersky Lab have been confirmed by its rival, McAfee Labs. Their own report, published in June 2018, suggests a similar result. In their study, a decline of 31% in ransomware infections was observed. This reported decline coincides with the growth of crypto mining malware families operating in the wild.
Cybercriminals are taking advantage of computers with inadequately patched operating systems. They use vulnerabilities in Windows that Microsoft had already patched months prior, but whose patches system administrators have not yet applied to enterprise machines. McAfee has also published a historical report on ransomware and cryptominers that supplements the June 2018 Threat Report.
A McAfee Labs researcher concluded: “Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky. All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems. There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay.”